Results 1 to 8 of 8

Thread: All user data and passwords are leaked, this site has been hacked in 2017

  1. #1

    Exclamation All user data and passwords are leaked, this site has been hacked in 2017

    Just found my username and email address on this page through a quick google search:

    https://cdn.databases.today/random/v...om-vb-2017.txt

    The site's security should really be checked ASAP!

    Thankfully I'm not using the password I have here on any other places since ages.
    Lalli

  2. #2
    PGD Community Manager AthenaOfDelphi's Avatar
    Join Date
    Dec 2004
    Location
    South Wales, UK
    Posts
    1,246
    Blog Entries
    2
    Hi Lalli,

    1) You should use different passwords for every site you log in to, if you share a password across multiple sites you make it easy for hackers if one site is compromised
    2) The last user on that list signed up in 2016, if I recall correctly I did a site upgrade around that time due to the possibility the site had been compromised
    3) Whilst the list appears to contain passwords, these are hashed, so even if they have the salt for the hash, reversing a password is a long process as you effectively have to start with a guess, hash it and compare that to what you have in the list. Getting a password from that list could take years

    Hope that clarifies a few things for you.
    :: AthenaOfDelphi :: My Blog :: My Software ::

  3. #3
    That file is from 2017. I changed my password so...
    No signature provided yet.

  4. #4
    Same here. I don't even have this old email address anymore
    Current (and lifetime) project: FAR Colony
    https://www.farcolony.com/

  5. #5
    Fortunately I changed my password too

  6. #6
    PGDCE Developer de_jean_7777's Avatar
    Join Date
    Nov 2006
    Location
    Bosnia and Herzegovina (Herzegovina)
    Posts
    287
    Afair, there was a notification on PGD about the leak. The poster is just a bit late to it. But many other leaks and hacks were the reason why I started using a password manager like LastPass. Looking into Firefox Lockwise now (not that LastPass is bad, I just prefer Mozilla software).
    Existence is pain

  7. #7
    Quote Originally Posted by de_jean_7777 View Post
    But many other leaks and hacks were the reason why I started using a password manager like LastPass.
    And you think that your online browsing is now safer?

    What happens if someone gets a hold of your password manager login information? Wouldn't that give them access to any site whose password are you managing though this password manager? Not to mention that this password manager also hold information of which sites are you visiting which is information that they would not be able to get from you if they would managed to somehow get a hold of password for just one site that you are visiting.

    Personally I trust to only one password manager and that is my brain

  8. #8
    PGDCE Developer de_jean_7777's Avatar
    Join Date
    Nov 2006
    Location
    Bosnia and Herzegovina (Herzegovina)
    Posts
    287
    Quote Originally Posted by SilverWarior View Post
    And you think that your online browsing is now safer?
    Probably a lot more than it was before since I reused a password for many sites.

    Quote Originally Posted by SilverWarior View Post
    What happens if someone gets a hold of your password manager login information? Wouldn't that give them access to any site whose password are you managing though this password manager? Not to mention that this password manager also hold information of which sites are you visiting which is information that they would not be able to get from you if they would managed to somehow get a hold of password for just one site that you are visiting.
    In which case I'm mostly f@!#$$% but as my email password is in my brain and not in the manager I can recover 95% of them.

    Quote Originally Posted by SilverWarior View Post
    Personally I trust to only one password manager and that is my brain
    Too many sites to remember them, and too many shared passwords. Someone got ahold of my Skrill, Vimeo and Netflix accounts, and some others. There is just no way I can remember all the logins, especially business accounts which have weird access passwords.

    It's not the "be all, end all" security measure, which is why I still have 2FA for many sites, but it turned out more reliable than my brain
    Existence is pain

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •